4 Digital Security Risks
- A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability.
- Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime.
- A cybercrime is an online or Internet-based illegal act.
Discovering Computers 2014: Chapter 5, Page 202

7 Internet and Network Attacks
- Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises.
- Malware, short for malicious software, consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices.
(Table 5-1)

9 Internet and Network Attacks
- A botnet is a group of compromised computers or mobile devices connected to a network.
  - A compromised computer or device is known as a zombie.
- A denial of service attack (DoS attack) disrupts computer access to Internet services.
  - Distributed DoS (DDoS)
- A back door is a program or set of instructions in a program that allow users to bypass security controls.
- Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate.

11 Unauthorized Access and Use
- Unauthorized access is the use of a computer or network without permission.
- Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
(Page 210)

13 Unauthorized Access and Use
- Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it.
- The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts.
  - User name
  - Password
  - Passphrase
  - CAPTCHA
(Figure 5-6)

14 Unauthorized Access and Use
- A possessed object is any item that you must carry to gain access to a computer or computer facility.
  - Often are used in combination with a PIN (personal identification number).
- A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer.
(Page 213)

18 Software Theft
- Many manufacturers incorporate an activation process into their programs to ensure the software is not installed on more computers than legally licensed.
- During the product activation, which is conducted either online or by phone, users provide the software product’s identification number to associate the software with the computer or mobile device on which the software is installed.
(Page 215)

22 Information Theft
- A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the sender.
  - Often used to ensure that an impostor is not participating in an Internet transaction.
- A digital certificate is a notice that guarantees a user or a website is legitimate.
- A website that uses encryption techniques to secure its data is known as a secure site.
(Page 218)

25 Hardware Theft, Vandalism, and Failure
- To help reduce the chances of theft, companies and schools use a variety of security measures.
(Page 219, Figure 5-14)

26 Backing Up – The Ultimate Safeguard
- A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed.
  - To back up a file means to make a copy of it.
- Off-site backups are stored in a location separate from the computer or mobile device site.
  - Cloud Storage
(Page 219)

30 Ethics and Society
- Computer ethics are the moral guidelines that govern the use of computers, mobile devices, and information systems.
- Information accuracy is a concern.
  - Not all information on the web is correct.
(Figure 5-18)

31 Ethics and Society
- Intellectual property refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos.
- Intellectual property rights are the rights to which creators are entitled to their work.
- A copyright protects any tangible form of expression.
- Digital rights management (DRM) is a strategy designed to prevent illegal distribution of movies, music, and other digital content.
(Page 225)

34 Information Privacy
- Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
- Huge databases store data online.
- It is important to safeguard your information.
(Page 227)

36 Information Privacy
- Information about you can be stored in a database when you:
  - Fill out a printed or online form
  - Create a social networking profile
  - Register a product warranty
(Figure 5-22)

37 Information Privacy
- A cookie is a small text file that a web server stores on your computer.
- Websites use cookies for a variety of reasons:
  - Allow for personalization
  - Store user names and/or passwords
  - Assist with online shopping
  - Track how often users visit a site
  - Target advertisements
(Page 229)

39 Information Privacy
- Phishing is a scam in which a perpetrator sends an official looking message that attempts to obtain your personal and/or financial information.
- With clickjacking, an object that can be clicked on a website contains a malicious program.
(Page 231)

40 Information Privacy
- Spyware is a program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.
- Adware is a program that displays an online advertisement in a banner or pop-up window on webpages, messages, or other Internet services.
(Page 231)

41 Information Privacy
- Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
(Page 232)

42 Information Privacy
- The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.
- See Table 5-4 on page 233 for a listing of major U.S. government laws concerning privacy.

43 Information Privacy
- Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of a technology, including communications such as messages, keyboard activity (used to measure productivity), and websites visited.
- Many programs exist that easily allow employers to monitor employees. Further, it is legal for employers to use these programs.
(Page 233)